The “evil nexus” between company data breaches and online fraud is a fertile hunting ground for fraudsters and profit-motivated information exchange based on what they are able to get from porous systems and unprotected data. Hackers connected to underground fraud networks are able to get their hands on credit card and identity data, sell it and launch global fraud attacks with relative ease now.
At the same time, online companies often fight back with limited technology and resources – and must factor in the customer experience. These businesses therefore need to balance reducing friction in customer transactions with using the right technology to detect fraud.
THE INNER-WORKINGS OF THE EVIL FRAUD NEXUS
We know well that cybercriminals operate as an organized operation. “At a macro level,” says ThreatMetrix, “moving from data breaches to online fraud is a four-step process based on tight collaboration, community and a network of sharing information.”
Who knew fraudsters could be so organized? It seems that they are, in fact ThreatMetrix believes that cybercriminals can be split into two groups:
Harvesters & Hackers: Those who concentrate on breaching enterprises to steal credit card and consumer online identities by the millions using techniques like malware, Trojans, phishing, social engineering, and more. They make money by selling credit cards and identities through underground forums or fraud rings called “cashers.”
Cashers (Fraud Rings): These groups have made significant investments in stealing credit cards and online identities, using them across thousands of e-commerce and FIs – both places in which you can transact online and commit significant financial fraud.
ONLINE FRAUD: ATTACK CHANNELS AND VECTORS
Cybercriminals can take advantage of businesses using multiple channels to allow customers to transact. As evidence of this, today, 20-30% of all transactions come from mobile devices. These crooks “attack through the front door,” says ThreatMetrix, in the following ways:
Card Not Present Fraud: Using stolen credit cards and matching identities to purchase items.
Account Takeover: Accessing consumers’ ecommerce site accounts, social media, email or banking accounts, and proceeding to transfer money to mule accounts or make high value transactions.
Fictitious Fraudulent Account Origination: Using stolen or fabricated identities to create new accounts on social networks, e-commerce sites and banks to pretend to be a customer, then buy gift cards and merchandise.
To learn how to establish trust across all types of online transactions and stop account takeover, card-not-present, and fictitious account registration fraud attacks, download the free whitepaper below.